General
-
Target
bins.sh
-
Size
10KB
-
Sample
241123-zmv5ysskem
-
MD5
acc93149a703834c82d35c5b31becff8
-
SHA1
c3d8bf660a21eb45784dc9329194a0e80df1afca
-
SHA256
ed0804977957488f570fda99c514fa0c6d363077f227de75b18857a47976523f
-
SHA512
f8a9605ba45f141cadc156e369c781a754c0b300c0e6b14b01f4bd4e8d20be1f1ed6e748456d97cd052148bfa5faf31b79bbb34e625a0bcaac1a04ab52d4d120
-
SSDEEP
192:mzkzszjA8AaiuKN1i72Pm2JG76GflnTlCQA1Z1ZdZc7PS9l9N9Me7xxq7maMV9LV:TWjruyx+F
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
acc93149a703834c82d35c5b31becff8
-
SHA1
c3d8bf660a21eb45784dc9329194a0e80df1afca
-
SHA256
ed0804977957488f570fda99c514fa0c6d363077f227de75b18857a47976523f
-
SHA512
f8a9605ba45f141cadc156e369c781a754c0b300c0e6b14b01f4bd4e8d20be1f1ed6e748456d97cd052148bfa5faf31b79bbb34e625a0bcaac1a04ab52d4d120
-
SSDEEP
192:mzkzszjA8AaiuKN1i72Pm2JG76GflnTlCQA1Z1ZdZc7PS9l9N9Me7xxq7maMV9LV:TWjruyx+F
Score9/10-
Contacts a large (2207) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1